#This is example of using hostapd with an external radius server #enable_karma=0 #karma_black_white=1 #karma_ssid_file=/etc/hostapd/hostapd_karma_ssid interface=wlan1 ssid=PentooTest driver=nl80211 hw_mode=g wmm_enabled=1 logger_stdout=-1 logger_stdout_level=0 dump_file=/tmp/hostapd.dump ctrl_interface=/var/run/hostapd ieee8021x=1 eapol_key_index_workaround=0 own_ip_addr=127.0.0.1 #We use net-dialup/freeradius by default auth_server_addr=127.0.0.1 auth_server_port=1812 auth_server_shared_secret=testing123 wpa=3 wpa_key_mgmt=WPA-EAP channel=6 wpa_pairwise=TKIP CCMP rsn_pairwise=TKIP CCMP # Use integrated EAP server instead of external RADIUS authentication # server. This is also needed if hostapd is configured to act as a RADIUS # authentication server. eap_server=0 #eap_user_file=/etc/hostapd/hostapd.eap_user #ca_cert=/etc/hostapd/hostapd/ca.pem #server_cert=/etc/hostapd/hostapd/server.pem #private_key=/etc/hostapd/hostapd/privkey.pem #private_key_passwd=MyPassword # Enable CRL verification. # Note: hostapd does not yet support CRL downloading based on CDP. Thus, a # valid CRL signed by the CA is required to be included in the ca_cert file. # This can be done by using PEM format for CA certificate and CRL and # concatenating these into one file. Whenever CRL changes, hostapd needs to be # restarted to take the new CRL into use. # 0 = do not verify CRLs (default) # 1 = check the CRL of the user certificate # 2 = check all CRLs in the certificate path check_crl=0 # Encryption key for EAP-FAST PAC-Opaque values. This key must be a secret, # random value. It is configured as a 16-octet value in hex format. It can be # generated, e.g., with the following command: # od -tx1 -v -N16 /dev/random | colrm 1 8 | tr -d ' ' #pac_opaque_encr_key=000102030405060708090a0b0c0d0e0f # EAP-FAST authority identity (A-ID) # A-ID indicates the identity of the authority that issues PACs. The A-ID # should be unique across all issuing servers. In theory, this is a variable # length field, but due to some existing implementations requiring A-ID to be # 16 octets in length, it is strongly recommended to use that length for the # field to provid interoperability with deployed peer implementations. This # field is configured in hex format. #eap_fast_a_id=101112131415161718191a1b1c1d1e1f # EAP-FAST authority identifier information (A-ID-Info) # This is a user-friendly name for the A-ID. For example, the enterprise name # and server name in a human-readable format. This field is encoded as UTF-8. #eap_fast_a_id_info=test server # Enable/disable different EAP-FAST provisioning modes: #0 = provisioning disabled #1 = only anonymous provisioning allowed #2 = only authenticated provisioning allowed #3 = both provisioning modes allowed (default) #eap_fast_prov=3 # EAP-FAST PAC-Key lifetime in seconds (hard limit) #pac_key_lifetime=604800 # EAP-FAST PAC-Key refresh time in seconds (soft limit on remaining hard # limit). The server will generate a new PAC-Key when this number of seconds # (or fewer) of the lifetime remains. #pac_key_refresh_time=86400 # EAP-SIM and EAP-AKA protected success/failure indication using AT_RESULT_IND # (default: 0 = disabled). #eap_sim_aka_result_ind=1 # Trusted Network Connect (TNC) # If enabled, TNC validation will be required before the peer is allowed to # connect. Note: This is only used with EAP-TTLS and EAP-FAST. If any other # EAP method is enabled, the peer will be allowed to connect without TNC. #tnc=1